According to an American cyber surveillance body, Medtronic brand defibrillators are hackable due to a security flaw.
750,000 implantable defibrillators have a flaw, allowing hackers to recover the medical data they contain and alter their operation. The CISA (Cybersecurity and Infrastructure Security Agency), an agency attached to the United States Department of Homeland Security, published the information in a noteMarch 21th.
Devices implanted under the skin
Implantable cardioverter defibrillators are installed in people who have already had a serious ventricular arrhythmia or who have a heart disease likely to cause it according to the French Federation of Cardiology. These are titanium boxes containing a battery, an electronic circuit and capacitors. Once placed under the skin, the device is connected to electrodes placed in the heart chambers. The tool makes it possible to constantly monitor the heart rate and to stimulate, if necessary, the heart in the event of abnormal cardiac activity. Some patients also have a telecardiology box, which retrieves data from the device to allow a medical team to remotely monitor its operation and arrhythmias.
Low risk according to Medtronic
The devices implicated by the CISA allow a hacker to recover the data if he is near the defibrillator. It can also disrupt or even modify the transmission of information to the device in charge of recovering it, which can be dangerous for the wearer.
The company Medtronic reacted by explaining that the risk was low: you have to be very competent in computer science, know the model and the parameters of the defibrillator, and at the same time, be close enough to the device to manage to steal the data. The company, in accordance with the Food and Drug Administrationrecommends its patients to continue using it and assures that it is working on updates to fix the problem.
.
